Skill v1.0.10

ClawScan security

Folder UI Visualizer - show the folder through HTML (via Telegram) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 6:27 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary: The skill's code, runtime instructions, and required environment variable (Telegram bot token) are consistent with a folder-to-HTML visualizer that sends the result via Telegram; there are no unexplained credentials, downloads, or hidden endpoints.
Guidance

This skill appears to do exactly what it says: create an XSS-safe HTML directory listing and send it to a Telegram chat. Before installing or using it, make sure you:

1) Keep your TELEGRAM_BOT_TOKEN secret (do not paste it into chat); the token enables the skill to upload files as your bot, so only provide it if you trust the bot behavior.
2) Ensure the agent environment actually provides the chat_id in conversation context (the skill expects to read it automatically).
3) Limit which directories you ask to be listed (don't request root or sensitive system paths unless you understand the risk).
4) Confirm the agent enforces the path-sanitization rules described in SKILL.md (the skill relies on the agent to sanitize user input before invoking node).
5) Verify the cleanup step executes (temporary HTML files are written to disk and should be deleted immediately).

If you need higher assurance, run the skill inside an isolated VM/container and inspect the generated HTML and the send invocation before providing the real TELEGRAM_BOT_TOKEN.

Review Dimensions

Purpose & Capability: ok
Name/description match the required artifacts: node is required to run the included file_lister.js and TELEGRAM_BOT_TOKEN is required to call the Telegram sendDocument API. There are no unrelated binaries, credentials, or config paths requested.
Instruction Scope: ok
SKILL.md limits actions to: sanitize and normalize a user-supplied path, run node file_lister.js to produce an HTML file, send it via Telegram's sendDocument endpoint using the bot token from the environment and the chat_id from the conversation context, then delete the file and inform the user. The instructions explicitly prohibit echoing the token and instruct cleanup; they do assume the agent can obtain a chat_id from context.
Install Mechanism: ok
No install spec or network downloads are present; this is an instruction-only skill with one local JS file. No archive downloads, external installers, or non-standard paths are used.
Credentials: ok
Only TELEGRAM_BOT_TOKEN is required, which is appropriate for sending files via the Telegram Bot API. No other unrelated secrets or credentials are requested. Note: possession of this token allows the skill to send files to Telegram using the bot identity, so it must be treated as sensitive.
Persistence & Privilege: ok
The skill is not always-enabled and does not request persistent system privileges. It writes a temporary HTML file in the agent's working directory and instructs deletion; it does not modify other skills or global agent config.